README.md: 26 additions & 22 deletions
@@ -1,48 +1,52 @@
1
1
# Baseline Environment on AWS
2
2
3
+
[View this page in Japanese (日本語)](README_ja.md)
4
+
3
5
Baseline Environment on AWS(BLEA) is a set of reference CDK template to establish secure baseline on standalone-account or ControlTower based multi-account AWS environment. This solution provides basic and extensible guardrail with AWS security services and end-to-end sample CDK code for typical system architecture. This template is also useful to learn more about AWS architecting best practices and how to customize CDK code as we incorporated comments in detail so that users can know why and how to customize.
4
6
7
+
Jump to | [Changelog](CHANGELOG.md) | [Deployment Pipeline](tools/cicd/README.md) | [Standalone to ControlTower](doc/Standalone2ControlTower.md) |
After install CDK, Use below commands instead of "npm ci".
82
+
After install CDK, Use below commands instead of `npm ci`.
79
83
80
84
- Install ncu
81
85
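Review bot: The reworded sentence at new line 82 only gains backticks around `npm ci`; the sentence itself is still ungrammatical ("After install CDK, Use below commands"). Suggest "After installing CDK, use the commands below instead of `npm ci`." The introductory paragraph at new line 5 also reads "a set of reference CDK template" and could be corrected in the same pass to "a set of reference CDK templates".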
@@ -194,7 +198,7 @@ You need to define deployment parameters on CDK Context. Context values are defi
194
198
195
199
These files define `dev`, `prod`, `ctaudit`, `my` context. cdk.json is managed by git. cdk.context.json doesn't managed by git so you can use it just for your local environmen only.
196
200
197
-
For production stacks, we recommend that you explicitly specify the environment in cdk.json using the `env` property. If you not specified env property, to use CDK_DEFAULT_ACCOUNT and CDK_DEFAULT_REGION variables.
201
+
For production stacks, we recommend that you explicitly specify the environment in cdk.json using the `env` property. If you not specified env property, to use CDK_DEFAULT_ACCOUNT and CDK_DEFAULT_REGION variables.
198
202
199
203
cdk.json
200
204
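Review bot: The removed line 197 and the added line 201 are textually identical as shown, so this appears to be a whitespace-only change, and the second sentence is still hard to parse: "If you not specified env property, to use CDK_DEFAULT_ACCOUNT and CDK_DEFAULT_REGION variables." Because this is the guidance for production stacks, state the fallback explicitly, for example "If you do not specify the `env` property, the CDK_DEFAULT_ACCOUNT and CDK_DEFAULT_REGION variables are used." The context line above it also has "doesn't managed by git" and "environmen", which could be fixed together.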
@@ -317,7 +321,7 @@ We provide several guardrail templates and sample application templates. They ar
317
321
- Governance Base for ControlTower Audit Account.
318
322
319
323
- blea-base-ct-guest.ts
320
-
- Guest Base(for eatch guest account). Setup log bucket, IAM User, Monitoring Chatbot for the account you specified.
324
+
- Guest Base(for each guest account). Setup log bucket, IAM User, Monitoring Chatbot for the account you specified.
321
325
322
326
## Base for Santdalone
323
327
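Review bot: The heading in the trailing context, "## Base for Santdalone" (new line 326), still carries a typo and should read "## Base for Standalone"; it sits two lines below the "eatch" fix and is worth correcting in the same commit. On the changed line itself, "Guest Base(for each guest account)" is missing a space before the opening parenthesis.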
@@ -424,7 +428,7 @@ See `Appendix B`
424
428
425
429
### Deploy
426
430
427
-
Login to Management Account with SSO.
431
+
Login to Management Account with AWS SSO.
428
432
429
433
> Audit account can configure only with AWSControlTowerExecution Role on Management Account
430
434
@@ -450,7 +454,7 @@ Create new account with Account Vending Machine provided by ControlTower.
450
454
451
455
## 5. Deploy Guest Base for CT (to guest account)
452
456
453
-
Login to Guest Account with SSO.
457
+
Login to Guest Account with AWS SO.
454
458
455
459
```
456
460
aws sso login --profile ct-guest-sso
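Review bot: The added line at new line 457 reads "Login to Guest Account with AWS SO.", which drops an "S" and introduces a new typo. The parallel change at new line 431 uses "AWS SSO" and the command in this hunk is `aws sso login`, so the line should be "Login to Guest Account with AWS SSO."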
@@ -479,7 +483,7 @@ How to setup: https://docs.aws.amazon.com/systems-manager/latest/userguide/quick
479
483
480
484
Quick Setup provides below:
481
485
482
-
- WS Identity and Access Management (IAM) instance profile roles for Systems Manager.
486
+
- AWS Identity and Access Management (IAM) instance profile roles for Systems Manager.
483
487
- A scheduled, bi-weekly update of SSM Agent.
484
488
- A scheduled collection of Inventory metadata every 30 minutes.
485
489
- A daily scan of your instances to identify missing patches.
@@ -540,12 +544,12 @@ Deploy BLEA via CloudShell on AWS Console.
540
544
Please note that CloudShell will delete environment if you do not use that for 120 days.